If there's one security occurrence companies of all sizes should plan for, it's that, at some point, an employee is going to lose either a laptop or a mobile phone that contains work-related proprietary information.

 

Large companies almost always have full-time IT departments to guide employees through various steps for password policies, encryption and other security measures. But at small and midsized firms, the task of protecting what's stored on a mobile device is often left up to individual employees, who might or might not follow recommended precautions. However, there's no reason your middle market shouldn't be on top of security these days, regardless of your number of IT people.

At middle market firms, proprietary data is simply too valuable to let employees use it unchecked. If you don't want to potentially compromise your competitive position or suffer productivity losses, then internal IT employees or outside consultants need to teach formal security protocol to your workforce, with regular refreshers on security products and training. Take note of these tips to better understand what must be done to ensure data protection on work-related mobile devices.

Limit Data That Leaves the Office

Use external hard drives or remote storage centers (such as Google Drive, Dropbox or Mozy) so employees only keep essential material on their mobile devices when they're away from the office. With all your data stored on drives in your office or accessible via mobile, the information employees carry around is limited. If an employee loses a device, they're not leaving important data lying around for anyone to access. Vet how employees use their mobile devices so passwords and browsing history aren't saved on them.

This strategy is more efficient than using device tracking or remote data-wiping software after the fact. Thieves still have an opportunity to extract data if it's available to them, so instead make sure there's no data to steal in the first place.

Implement a Thorough Password Policy

Encourage the use of passwords at many levels. A laptop can be configured so that a password must be entered every time the machine starts up or comes out of a screen saver or sleep/hibernate mode. To thwart those who steal a laptop and try booting it through a CD or USB stick, a laptop's BIOS (basic input/output system) can be set to disable CD and USB booting, according to Tech Radar. This would also prevent someone from inserting a USB stick to steal data without even stealing the laptop, which protects information when an employee leaves a device alone and unprotected.

With mobile phones, users should set a short time frame for when the device locks and make sure it reopens only by inputting the proper password within a certain number of attempts. If too many attempts are made, the phone's data can be automatically wiped clean by programs offered by most phone manufacturers. Of course, contacts and data on the phone should be backed up frequently to an office- or cloud-based system or an external drive. That way, a data wipe won't hurt productivity.

Utilize Full-Disk Encryption

A stolen laptop can have its hard drive removed and attached to another computer, which could bypass account-password protections and allow easy access to data. Encrypting a laptop's hard drive can protect against this, as it means it can be accessed only when a key is supplied via a PIN, a password or from a USB stick. Full-disk encryption, as detailed by eSecurity Planet, is the most thorough procedure: All files are permanently encrypted, including temporary files the operating system or applications create, hibernation files and swap files. The encryption is done on the fly, so while your employees are accessing new data, it's automatically encrypted and stored.

Constantly Update Protection Software

Make sure your employees always download the latest updates to the antivirus and antimalware software your company uses so new bugs don't infiltrate their systems. Even with full-disk encryption, data that is emailed or copied to another system is capable of being affected.

One way to greatly reduce online risk away from the office is to connect a laptop to the Internet through a router cord that fits an ethernet jack, which keeps the computer isolated from other users on the network. When that's not possible, there's the risk that the device's firewall can be disabled by programs that attack the computer through a shared wireless connection. To eliminate this threat, use a virtual private network (VPN) whenever possible to get online.

If you could only make one major security measure across your company, what would it be? Let us know what you think by commenting below.

Rob Carey is an NCMM contributor and a features writer who has focused on the business-to-business niche since 1992. He spent his first 15 years at Nielsen Business Media, rising from editorial intern to editorial director. Since then, he has been the principal of New York–based Meetings & Hospitality Insight, working with large hospitality brands in addition to various media outlets.